Schneier on Security
OCTOBER 3, 2024
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.
The Last Watchdog
OCTOBER 3, 2024
Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
OCTOBER 3, 2024
A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.
Malwarebytes
OCTOBER 3, 2024
Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about t
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
OCTOBER 3, 2024
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months.
The Hacker News
OCTOBER 3, 2024
A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
OCTOBER 3, 2024
Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker News.
The Last Watchdog
OCTOBER 3, 2024
San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler , the leading platform in secrets management, today announces the launch of Change Requests , a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. Designed to enhance security, compliance, and team collaboration, Change Requests gives organizations the tools to mitigate the potential risks from misconfigurations or unauthorized changes
The Hacker News
OCTOBER 3, 2024
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries.
The Last Watchdog
OCTOBER 3, 2024
Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The webinar will feature a Criminal IP ASM Live Demo, providing a comprehensive view of attack surface visibility.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
OCTOBER 3, 2024
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said.
Security Affairs
OCTOBER 3, 2024
The Dutch government blames a “state actor” for hacking a police system, exposing the contact details of all police officers, according to the justice minister. The Dutch police blame a state actor for the recent data breach that exposed officers’ contact details, the justice minister told lawmakers. The incident took place on September 26, 2024, and the police have reported the security breach to the Data Protection Authority.
The Hacker News
OCTOBER 3, 2024
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface.
Security Boulevard
OCTOBER 3, 2024
As organizations continue to adopt more SaaS applications, the need for comprehensive security solutions will only grow. The post SSPM: A Better Way to Secure SaaS Applications appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
OCTOBER 3, 2024
Cloudflare recently mitigated a new record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion packets per second (Pps). Cloudflare reported that starting from early September, it has mitigated over 100 hyper-volumetric L3/4 DDoS attacks, with many exceeding 2 billion Pps and 3 Tbps. The largest DDoS attack peaked at 3.8 Tbps, that is the highest ever publicly disclosed. “Cloudflare’s defenses mitigated over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with m
Malwarebytes
OCTOBER 3, 2024
Two things are true of data online: It will be collected and, just as easily, it will be lost. But a major update to Malwarebytes Browser Guard will better protect users from opaque data collection that happens every day online, as well as raising their awareness about corporate data breaches that have left their sensitive information vulnerable to harm.
Penetration Testing
OCTOBER 3, 2024
A high-severity vulnerability, CVE-2024-9313 ((CVSS 8.8)), has been discovered in Authd, an authentication daemon used for secure identity and access management in Ubuntu machines. This flaw could allow malicious actors... The post Authd Vulnerability (CVE-2024-9313) Allows User Impersonation on Ubuntu Systems appeared first on Cybersecurity News.
Webroot
OCTOBER 3, 2024
Generative AI has taken the world by storm, transforming how individuals and businesses interact with and trust this new technology. With tools like ChatGPT, Grok, DALL-E, and Microsoft Copilot, everyday users are finding new ways to enhance productivity, creativity, and efficiency. However, as the integration of AI into daily life accelerates, so do the concerns around privacy and security.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
SecureWorld News
OCTOBER 3, 2024
The utility industry is undergoing changes that were unimaginable just a few decades ago. Remember when we were all excited about dial-up internet? Things have changed. Fast forward to today, and and we're not just talking about high-speed internet. But it also includes smart devices that monitor every aspect of today's utilities. From smart meters to self-repairing cables and now, with the launch of 5G, it feels like we are entering a new era.
The Hacker News
OCTOBER 3, 2024
For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe.
Penetration Testing
OCTOBER 3, 2024
A high-severity vulnerability (CVE-2024-5102) has been discovered in Avast Antivirus for Windows, potentially allowing attackers to gain elevated privileges and wreak havoc on users’ systems. This flaw, present in versions... The post CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM appeared first on Cybersecurity News.
Graham Cluley
OCTOBER 3, 2024
International law enforcement continues to dismantle the LockBit ransomware gang's infrastructure. Read more in my article on the Tripwire State of Security blog.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
OCTOBER 3, 2024
Gen Threat Labs has issued an alert about a newly discovered rootkit named Snapekit, which poses a significant threat to Arch Linux systems running kernel version 6.10.2-arch1-1 x86_64. This sophisticated... The post Snapekit Rootkit Unveiled: A Stealthy Threat Targeting Arch Linux appeared first on Cybersecurity News.
Zero Day
OCTOBER 3, 2024
The AAWireless TWO is now smarter and more customizable - but only for Android users. Here's how to get notified when the dongle goes on sale later this month.
Heimadal Security
OCTOBER 3, 2024
Privileged access management is one of the most important topics in cybersecurity – yet it can be a minefield to get right. For hackers, elevated permissions are one of the absolute best ways to plan and execute a successful account. In fact, many attacks would simply be impossible without them. But effective privileged access management […] The post The Complete Guide to PAM Tools, Features, And Techniques appeared first on Heimdal Security Blog.
Zero Day
OCTOBER 3, 2024
Want a voice assistant you can have natural conversations with? If you're on Android, you're in luck.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
CompTIA on Cybersecurity
OCTOBER 3, 2024
Learn how to create relevant and impactful tabletop exercises for your clients.
Zero Day
OCTOBER 3, 2024
This lifetime license bundle deal gives you access to the entire Microsoft Office Pro 2021 suite and Windows 11 Pro for just $53 for a limited time.
Google Security
OCTOBER 3, 2024
Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband – the processor on the device responsible for handl
Zero Day
OCTOBER 3, 2024
The fifth-gen Lenovo ThinkBook Plus is a laptop/tablet hybrid that runs on both Windows 11 and Android 13, resulting in a unique user experience that changed the way I use both.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
254 
Let's personalize your content